last executing test programs: 21.350241411s ago: executing program 1 (id=290): openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480), 0x202, 0x0) mmap(&(0x7f0000005000/0x4000)=nil, 0x4000, 0x1000001, 0x2172, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) futex(&(0x7f0000004000)=0x2, 0x8d, 0x2, 0x0, 0x0, 0x82) bpf$PROG_LOAD(0x5, 0x0, 0x0) io_setup(0x3, &(0x7f00000000c0)=0x0) prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) r1 = socket$igmp(0x2, 0x3, 0x2) getsockopt$IPT_SO_GET_INFO(r1, 0x0, 0x40, &(0x7f00000002c0)={'nat\x00', 0x0, [0x0, 0x9bb, 0xc, 0x7fffffff, 0xc335]}, &(0x7f0000000040)=0x54) r2 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00') openat$binfmt(0xffffffffffffff9c, r2, 0x42, 0x1ff) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) truncate(&(0x7f0000000180)='./file0\x00', 0x8fff5) unshare(0x24020400) r4 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r3, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000240)=[0x4], 0x0, 0x0, 0x1, 0x1}}, 0x40) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000340)={r4, 0xffffffffffffffdc, &(0x7f00000002c0)}, 0x10) io_submit(r0, 0x0, 0x0) eventfd2(0x8, 0x80001) r5 = syz_open_procfs(0x0, &(0x7f0000000380)='uid_map\x00') read$FUSE(r5, &(0x7f0000002180)={0x2020}, 0x2020) mknodat$loop(r5, &(0x7f0000000080)='./file0\x00', 0x200, 0x1) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20d42, 0x4) r6 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x4) fcntl$setstatus(r6, 0x4, 0x42000) 18.716789187s ago: executing program 1 (id=292): r0 = openat$sndtimer(0xffffffffffffff9c, 0x0, 0x41982) readv(r0, &(0x7f0000000500)=[{0x0}], 0x1) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x2, 0x0, 0x2, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_RX_RING(r5, 0x11b, 0x2, &(0x7f00000001c0)=0x1004, 0x4) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) write$UHID_CREATE2(0xffffffffffffffff, &(0x7f0000000140)=ANY=[@ANYRES64=0x0], 0x118) fsopen(&(0x7f0000000280)='cifs\x00', 0x0) syz_open_dev$vim2m(&(0x7f0000000040), 0x7, 0x2) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x88fd537e5e114b6f, 0x12, 0xffffffffffffffff, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_IRQCHIP(r4, 0x8208ae63, &(0x7f00000002c0)={0x0, 0x0, @pic={0x74, 0xc0, 0x8, 0x6, 0xf9, 0x2, 0xf, 0x4, 0x3, 0x0, 0x67, 0x58, 0xa0, 0x2, 0x6, 0x7e}}) ioctl$TCSETS2(0xffffffffffffffff, 0x402c542b, 0x0) ioctl$KVM_SET_REGS(r6, 0x4090ae82, 0x0) unshare(0x8040600) ioctl$KVM_RUN(r6, 0xae80, 0x0) capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x8004, 0x0, 0x81, 0xffffffff}) 17.63290715s ago: executing program 3 (id=294): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$can_j1939(0x1d, 0x2, 0x7) setsockopt$SO_J1939_PROMISC(r1, 0x6b, 0x2, &(0x7f0000000200)=0x1, 0x4) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$can_j1939(r1, &(0x7f0000000340)={0x1d, r2, 0x0, {0x0, 0x0, 0x4}, 0xfe}, 0x18) setsockopt$sock_int(r1, 0x1, 0x6, 0x0, 0x0) sendmsg$inet(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000540)="81b641f1f3843704b6", 0x9}], 0x1}, 0x4048081) syz_open_procfs(0xffffffffffffffff, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@ipv6_newnexthop={0x24, 0x68, 0x309, 0x0, 0x0, {}, [@NHA_BLACKHOLE={0x4}, @NHA_ID={0x8, 0x1, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x240400c4}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x2001, 0x0) read(r4, 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r6 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r6, &(0x7f0000000000)={0xa, 0xfffe, 0x8, @mcast2, 0x9}, 0x1c) fdatasync(0xffffffffffffffff) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=@newtfilter={0x24, 0x11, 0x1, 0x70bd2c, 0x25dfdbfc, {0x0, 0x0, 0x74, r2, {0xffff, 0x8}, {0xfff1, 0xa}, {0x1, 0x8}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x2400c840}, 0x4000850) r7 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TIOCVHANGUP(r7, 0x5437, 0x8000000) 17.200096985s ago: executing program 4 (id=295): socket$nl_netfilter(0x10, 0x3, 0xc) sched_setscheduler(0x0, 0x1, 0x0) unshare(0x60000600) syz_emit_ethernet(0xbe, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @rand_addr=0x64010101, @dev={0xac, 0x14, 0x14, 0x21}}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698dfa871c51852e4451b57d037ad3c045942824251d7d17b5191584cdd4fbe40a27424d", "bcfd56f1373669caaa2f19935e6996c7096ffe4f3a4745a8f762b964", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0) unshare(0x22020600) r0 = socket(0x18, 0x800, 0x10000000000002) connect$rxrpc(r0, &(0x7f0000000440)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e22, @loopback}}, 0x24) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, 0x0, 0x0, 0x3}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7, 0x0, 0x0, 0x40f00, 0x5, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x200}, 0x94) r1 = socket$inet(0xa, 0x801, 0x84) connect$inet(r1, 0x0, 0x0) 14.106209059s ago: executing program 1 (id=298): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x200180, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(0x0, 0x2, 0x8081) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket$nl_route(0x10, 0x3, 0x0) pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) open(0x0, 0x0, 0xa0) connect$unix(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet_smc(0x2b, 0x1, 0x0) r2 = syz_io_uring_setup(0x10d, &(0x7f0000000540)={0x0, 0xd4bb, 0x0, 0xfffffffd}, &(0x7f0000000380)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0x10000, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x0, 0x2, r1, 0x0, 0x0, 0x0, 0x80800}) io_uring_enter(r2, 0x3517, 0xc2de, 0x9, 0x0, 0x0) syz_usb_connect$uac1(0x0, 0x96, 0x0, 0x0) 13.552674593s ago: executing program 3 (id=300): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$can_j1939(0x1d, 0x2, 0x7) setsockopt$SO_J1939_PROMISC(r1, 0x6b, 0x2, &(0x7f0000000200)=0x1, 0x4) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$can_j1939(r1, &(0x7f0000000340)={0x1d, r2, 0x0, {0x0, 0x0, 0x4}, 0xfe}, 0x18) setsockopt$sock_int(r1, 0x1, 0x6, 0x0, 0x0) sendmsg$inet(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000540)="81b641f1f3843704b6", 0x9}], 0x1}, 0x4048081) syz_open_procfs(0xffffffffffffffff, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@ipv6_newnexthop={0x24, 0x68, 0x309, 0x0, 0x0, {}, [@NHA_BLACKHOLE={0x4}, @NHA_ID={0x8, 0x1, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x240400c4}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x2001, 0x0) read(r4, 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r6 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r6, &(0x7f0000000000)={0xa, 0xfffe, 0x8, @mcast2, 0x9}, 0x1c) fdatasync(0xffffffffffffffff) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) setsockopt$SO_J1939_FILTER(r1, 0x6b, 0x1, &(0x7f00000001c0), 0x0) r7 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TIOCVHANGUP(r7, 0x5437, 0x8000000) 10.33359239s ago: executing program 3 (id=303): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480), 0x202, 0x0) mmap(&(0x7f0000005000/0x4000)=nil, 0x4000, 0x1000001, 0x2172, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) futex(&(0x7f0000004000)=0x2, 0x8d, 0x2, 0x0, 0x0, 0x82) bpf$PROG_LOAD(0x5, 0x0, 0x0) io_setup(0x3, &(0x7f00000000c0)=0x0) prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) r2 = socket$igmp(0x2, 0x3, 0x2) getsockopt$IPT_SO_GET_INFO(r2, 0x0, 0x40, &(0x7f00000002c0)={'nat\x00', 0x0, [0x0, 0x9bb, 0xc, 0x7fffffff, 0xc335]}, &(0x7f0000000040)=0x54) r3 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00') openat$binfmt(0xffffffffffffff9c, r3, 0x42, 0x1ff) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) truncate(&(0x7f0000000180)='./file0\x00', 0x8fff5) unshare(0x24020400) r5 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r4, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000240)=[0x4], 0x0, 0x0, 0x1, 0x1}}, 0x40) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000340)={r5, 0xffffffffffffffdc, &(0x7f00000002c0)}, 0x10) io_submit(r1, 0x0, 0x0) eventfd2(0x8, 0x80001) ioctl$XFS_IOC_FSINUMBERS(r0, 0xc0205867, &(0x7f0000000440)={&(0x7f00000001c0)=0x8000007, 0xfffffffe, &(0x7f00000007c0)=[{}, {}, {}, {}], &(0x7f00000003c0)}) r6 = syz_open_procfs(0x0, &(0x7f0000000380)='uid_map\x00') mknodat$loop(r6, &(0x7f0000000080)='./file0\x00', 0x200, 0x1) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20d42, 0x4) r7 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x4) fcntl$setstatus(r7, 0x4, 0x42000) 9.894724162s ago: executing program 1 (id=304): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TCSETAW(r0, 0x5407, &(0x7f0000000040)={0x8001, 0x3, 0x7, 0xdedf, 0x2, "ad96511488443a47"}) ioctl$TIOCMSET(r0, 0x5418, &(0x7f0000000000)=0x8004) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x2000, 0x0) r1 = socket$netlink(0x10, 0x3, 0x8000000004) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000080)=0xc4, 0x4) syz_mount_image$ext4(&(0x7f0000000b80)='ext4\x00', &(0x7f00000006c0)='./file0\x00', 0x0, &(0x7f0000000c00), 0x1, 0xb87, &(0x7f00000017c0)="$eJzs3c9vFFUcAPDvzG5LKWgX40GMCTUeIDFsW0BB4gE8Gg8mkqAnXPuDNCxgaE0sIbHcTLyowZMnT2qiR6+GGPXkweiJ/8CQEFP4A2pmdras7W5LYcuQ9vNJZve9eSzvO02++9503nQC2LFGs5c0Yn9EfJ5EjBT704gYzEtDEYutf3dv6dpktiWxvPzOv0kkEXF36dpk+/9Kivc92Us1/2T89UvEM5W1/c4tXL3QaDanrxT1sfmLH47NLVw9PHuxcX76/PSlI6+OH5147diJV47d/9DQox3rwvH0sz/ffOO7G+e+/uPHEy98msSp2Fu0dR5Hv4zG6MrPpFM1It7rd2clqRTH0+04AQB48qQdc7j9MRKVvNQyEvXZUoMDAAAA+uKTiFgGAAAAtrnE+T8AAABsc+11AHeXrk22t3JXJACPy53TEVFr5X/7/v5WSzUW8/ehGIiI4XtJx51Brfu9a33ofzQifvjq+IFsiy26Dx/obvF6RDzXbfxP8vyvFX90Y3X+pxEx3of+R1fV5T88Pt3yv3VesHH+n+pD//IfAAAAAAAA+ufm6daF/LXX/9OV9T/R5fpfpcu1u4ex8fW/9HYfugG6uHM64vWOZ/vc68j/Qq1S1J7K1wMMJDOzzenxiHg6Ig7FwK6sPrFOH9/+dPLvXm2d6/+yLeu/vRawiON2ddf/PzPVmG88yjEDLXeuRzxf7Zb/ycr4n/RY//v2A/bx29mfZ3q1bZz/wFZZ/ibiYNfx//4T3ZL1n883ls8HxtqzgrXOvvjr9736l/9Qnmz8H14//2tJ5/M65zbfx/jw4fO92h52/j+YnMmfKjpY7Pu4MT9/ZSJiMHlr7f4jm48ZtqN2PrTzJcv/Qy91P/9fb/6fJdn7xbdEGhGN4j2rf7Cqz13nfv+iVzzGfyhPlv9Tmxr/N1/48t2lM736f7Dx/1g+ph8q9vj9H6zvQRO07DgBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgSZJGxN5I0vpKOU3r9Yg9EfFsDKfNy3PzL89c/ujSVNYWUYuBdGa2OT0eESOtepLVJ/Ly/fqRVfWjEbEvIm6M7M7r9cnLzamyDx4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAVeyJibyRpPSLSvJym9Xqr7Z+RsqMDAAAA+qZWdgAAAADAlnP+DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAj2nfg5q0kIhZP7s63zGDRNlBqZMBWS8sOAChNpewAgNJUyw4AKI1zfCDZoH2oZ4sZBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBOcnD/zVtJRCye3J1vmcGibaDUyICtlpYdAFCaStkBAKWplh0AUBrn+ECyQftQzxYzCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICdZG7h6oVGszl9RWHdQjUinoAwFBQeU6HsbyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC2s/8CAAD//yT3/f8=") unshare(0x22020600) r2 = socket$unix(0x1, 0x1, 0x0) listen(r2, 0x0) pselect6(0x40, &(0x7f0000000000)={0x8, 0x4, 0xf84, 0x6, 0xfffffffffffffbff, 0x4800000000005, 0x3b, 0xd4}, 0x0, 0x0, &(0x7f0000000200)={0x0, 0x989680}, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001900010029bd7000fbdbdf250000000000000000000000000088000000000000000000000000010100000003000000000200000000000000000000005dc15f81bd7372d4fbfbc9a0eddd9d48f207f5b295d84e840c491cb8eac7a77e24fd6d6b672aa5bc49b7b694605cab5c3c6b303c4300940b3f8834f6c213fbc759d6480d76d05a2f69e2ff55a56f8ba15ad62e550232130c28e97ef3a0621c5047ab37ac743051a9999eca408ecfe5e176f84e", @ANYRES32=0x0, @ANYBLOB], 0xfc}, 0x1, 0x0, 0x0, 0x20000004}, 0x4000) r4 = socket$kcm(0xf, 0x3, 0x2) sendmsg$inet(r4, &(0x7f00000000c0)={0x0, 0xfe, &(0x7f0000000000)=[{&(0x7f0000000040)="0207000902000000e4a17c45c8d260c9", 0x10}], 0x1}, 0x0) r5 = socket$kcm(0x2, 0x5, 0x0) stat(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r8 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000006c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) r9 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x3, 0x1c, &(0x7f0000001840)=@ringbuf={{0x18, 0x6}, {{0x18, 0x1, 0x1, 0x0, r9}}, {}, [@snprintf={{}, {0x5, 0x3, 0x3, 0xa, 0x9}, {0x5}, {0x3, 0x3, 0x3, 0xa, 0xa}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r8}, {}, {0x15, 0x0, 0x0, 0x76}}], {{}, {0x5}, {0x28}}}, &(0x7f0000000340)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, @fallback=0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94) fchown(r5, r6, r7) 9.517806742s ago: executing program 2 (id=305): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480), 0x202, 0x0) mmap(&(0x7f0000005000/0x4000)=nil, 0x4000, 0x1000001, 0x2172, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) futex(&(0x7f0000004000)=0x2, 0x8d, 0x2, 0x0, 0x0, 0x82) bpf$PROG_LOAD(0x5, 0x0, 0x0) io_setup(0x3, &(0x7f00000000c0)=0x0) prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) r2 = socket$igmp(0x2, 0x3, 0x2) getsockopt$IPT_SO_GET_INFO(r2, 0x0, 0x40, &(0x7f00000002c0)={'nat\x00', 0x0, [0x0, 0x9bb, 0xc, 0x7fffffff, 0xc335]}, &(0x7f0000000040)=0x54) r3 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00') openat$binfmt(0xffffffffffffff9c, r3, 0x42, 0x1ff) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) truncate(&(0x7f0000000180)='./file0\x00', 0x8fff5) unshare(0x24020400) r5 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r4, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000240)=[0x4], 0x0, 0x0, 0x1, 0x1}}, 0x40) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000340)={r5, 0xffffffffffffffdc, &(0x7f00000002c0)}, 0x10) io_submit(r1, 0x0, 0x0) eventfd2(0x8, 0x80001) ioctl$XFS_IOC_FSINUMBERS(r0, 0xc0205867, &(0x7f0000000440)={&(0x7f00000001c0)=0x8000007, 0xfffffffe, &(0x7f00000007c0)=[{}, {}, {}, {}], &(0x7f00000003c0)}) read$FUSE(0xffffffffffffffff, &(0x7f0000002180)={0x2020}, 0x2020) mknodat$loop(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x200, 0x1) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20d42, 0x4) r6 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x4) fcntl$setstatus(r6, 0x4, 0x42000) 9.438580006s ago: executing program 4 (id=306): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$can_j1939(0x1d, 0x2, 0x7) setsockopt$SO_J1939_PROMISC(r1, 0x6b, 0x2, &(0x7f0000000200)=0x1, 0x4) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$can_j1939(r1, &(0x7f0000000340)={0x1d, r2, 0x0, {0x0, 0x0, 0x4}, 0xfe}, 0x18) setsockopt$sock_int(r1, 0x1, 0x6, 0x0, 0x0) sendmsg$inet(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000540)="81b641f1f3843704b6", 0x9}], 0x1}, 0x4048081) syz_open_procfs(0xffffffffffffffff, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@ipv6_newnexthop={0x24, 0x68, 0x309, 0x0, 0x0, {}, [@NHA_BLACKHOLE={0x4}, @NHA_ID={0x8, 0x1, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x240400c4}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x2001, 0x0) read(r4, 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r6 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r6, &(0x7f0000000000)={0xa, 0xfffe, 0x8, @mcast2, 0x9}, 0x1c) fdatasync(0xffffffffffffffff) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) setsockopt$SO_J1939_FILTER(r1, 0x6b, 0x1, &(0x7f00000001c0), 0x0) r7 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TIOCVHANGUP(r7, 0x5437, 0x8000000) 9.136756237s ago: executing program 0 (id=307): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$can_j1939(0x1d, 0x2, 0x7) setsockopt$SO_J1939_PROMISC(r1, 0x6b, 0x2, &(0x7f0000000200)=0x1, 0x4) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$can_j1939(r1, &(0x7f0000000340)={0x1d, r2, 0x0, {0x0, 0x0, 0x4}, 0xfe}, 0x18) setsockopt$sock_int(r1, 0x1, 0x6, 0x0, 0x0) sendmsg$inet(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000540)="81b641f1f3843704b6", 0x9}], 0x1}, 0x4048081) syz_open_procfs(0xffffffffffffffff, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@ipv6_newnexthop={0x24, 0x68, 0x309, 0x0, 0x0, {}, [@NHA_BLACKHOLE={0x4}, @NHA_ID={0x8, 0x1, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x240400c4}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x2001, 0x0) read(r4, 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r6 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r6, &(0x7f0000000000)={0xa, 0xfffe, 0x8, @mcast2, 0x9}, 0x1c) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) setsockopt$SO_J1939_FILTER(r1, 0x6b, 0x1, &(0x7f00000001c0), 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=@newtfilter={0x24, 0x11, 0x1, 0x70bd2c, 0x25dfdbfc, {0x0, 0x0, 0x74, r2, {0xffff, 0x8}, {0xfff1, 0xa}, {0x1, 0x8}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x2400c840}, 0x4000850) r7 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TIOCVHANGUP(r7, 0x5437, 0x8000000) 7.399965496s ago: executing program 3 (id=308): r0 = openat$sndtimer(0xffffffffffffff9c, 0x0, 0x41982) readv(r0, &(0x7f0000000500)=[{0x0}], 0x1) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x2, 0x0, 0x2, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_RX_RING(r5, 0x11b, 0x2, &(0x7f00000001c0)=0x1004, 0x4) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) write$UHID_CREATE2(0xffffffffffffffff, &(0x7f0000000140)=ANY=[@ANYRES64=0x0], 0x118) fsopen(&(0x7f0000000280)='cifs\x00', 0x0) syz_open_dev$vim2m(&(0x7f0000000040), 0x7, 0x2) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x88fd537e5e114b6f, 0x12, 0xffffffffffffffff, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_IRQCHIP(r4, 0x8208ae63, &(0x7f00000002c0)={0x0, 0x0, @pic={0x74, 0xc0, 0x8, 0x6, 0xf9, 0x2, 0xf, 0x4, 0x3, 0x0, 0x67, 0x58, 0xa0, 0x2, 0x6, 0x7e}}) ioctl$TCSETS2(0xffffffffffffffff, 0x402c542b, 0x0) ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f0000000000)={[0x18addbac, 0x591, 0x0, 0x180, 0x4, 0x14, 0xf1, 0x0, 0x8000000000001, 0x7, 0x5, 0x3, 0xfffffffffffffffe, 0x45, 0x14, 0xbdb], 0xffff1000, 0x1c4213}) unshare(0x8040600) ioctl$KVM_RUN(r6, 0xae80, 0x0) capset(0x0, &(0x7f0000000280)={0x0, 0x8004, 0x0, 0x81, 0xffffffff}) 7.255516033s ago: executing program 0 (id=309): socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) socket(0x1, 0x803, 0x0) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000140)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0xb}, 0x50) io_uring_setup(0xf0c, &(0x7f0000000400)={0x0, 0xc46e, 0x1000, 0xffffffff, 0x3}) socket$nl_generic(0x10, 0x3, 0x10) socket$inet_tcp(0x2, 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) socket$netlink(0x10, 0x3, 0x0) pipe2$9p(&(0x7f0000000280), 0x80000) r0 = syz_io_uring_setup(0x19f2, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000140)=0x0, &(0x7f0000000100)=0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000040)={'syztnl2\x00', &(0x7f0000000180)={'syztnl0\x00', 0x0, 0x14, 0x0, 0x8, 0xffdffffc, 0x30, @empty, @empty, 0x1, 0x1, 0x2}}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='pids.events\x00', 0x275a, 0x0) write$UHID_CREATE2(r4, &(0x7f0000000180)=ANY=[@ANYRES64=r3], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r4, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x66, 0x0, @fd_index=0x7, 0x8000000eb, 0x0, 0x0, 0x13, 0x1}) io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0) 7.172734194s ago: executing program 2 (id=310): openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480), 0x202, 0x0) mmap(&(0x7f0000005000/0x4000)=nil, 0x4000, 0x1000001, 0x2172, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) futex(&(0x7f0000004000)=0x2, 0x8d, 0x2, 0x0, 0x0, 0x82) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000380)='uid_map\x00') read$FUSE(r0, &(0x7f0000002180)={0x2020}, 0x2020) 6.994833395s ago: executing program 4 (id=311): openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480), 0x202, 0x0) mmap(&(0x7f0000005000/0x4000)=nil, 0x4000, 0x1000001, 0x2172, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) futex(&(0x7f0000004000)=0x2, 0x8d, 0x2, 0x0, 0x0, 0x82) bpf$PROG_LOAD(0x5, 0x0, 0x0) io_setup(0x3, &(0x7f00000000c0)) unshare(0x24020400) r0 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x4) fcntl$setstatus(r0, 0x4, 0x42000) 6.104574405s ago: executing program 2 (id=312): socket$nl_generic(0x10, 0x3, 0x10) creat(&(0x7f00000000c0)='./file0\x00', 0x0) open(&(0x7f00009e1000)='./file0\x00', 0x64942, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)) pipe2$9p(0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket(0x400000000010, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) pipe2$9p(&(0x7f0000000300), 0x80) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) r0 = syz_io_uring_setup(0x462, &(0x7f0000000280)={0x0, 0x40000020, 0x10, 0x2, 0x34f}, &(0x7f00000000c0)=0x0, &(0x7f0000000000)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x42, 0x4, r3, 0x0, 0x0, 0x0, 0x80000, 0x1}) io_uring_enter(r0, 0x47bc, 0x0, 0x0, 0x0, 0x0) 6.094580972s ago: executing program 0 (id=313): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$can_j1939(0x1d, 0x2, 0x7) setsockopt$SO_J1939_PROMISC(r1, 0x6b, 0x2, &(0x7f0000000200)=0x1, 0x4) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$can_j1939(r1, &(0x7f0000000340)={0x1d, r2, 0x0, {0x0, 0x0, 0x4}, 0xfe}, 0x18) setsockopt$sock_int(r1, 0x1, 0x6, 0x0, 0x0) sendmsg$inet(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000540)="81b641f1f3843704b6", 0x9}], 0x1}, 0x4048081) syz_open_procfs(0xffffffffffffffff, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@ipv6_newnexthop={0x24, 0x68, 0x309, 0x0, 0x0, {}, [@NHA_BLACKHOLE={0x4}, @NHA_ID={0x8, 0x1, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x240400c4}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x2001, 0x0) read(r4, 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r6 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r6, &(0x7f0000000000)={0xa, 0xfffe, 0x8, @mcast2, 0x9}, 0x1c) fdatasync(0xffffffffffffffff) setsockopt$SO_J1939_FILTER(r1, 0x6b, 0x1, &(0x7f00000001c0), 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=@newtfilter={0x24, 0x11, 0x1, 0x70bd2c, 0x25dfdbfc, {0x0, 0x0, 0x74, r2, {0xffff, 0x8}, {0xfff1, 0xa}, {0x1, 0x8}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x2400c840}, 0x4000850) r7 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TIOCVHANGUP(r7, 0x5437, 0x8000000) 5.958812138s ago: executing program 1 (id=314): openat$binderfs(0xffffffffffffff9c, 0x0, 0x800, 0x0) open(0x0, 0x2a4c0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x24c01, 0x0) r0 = inotify_init1(0x0) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002300), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0) r2 = eventfd(0xfffffffd) ioctl$VHOST_SET_LOG_FD(r1, 0x4004af07, &(0x7f0000000240)=r2) ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000040)={0x0, r2}) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000380)={0x1, 0x0, 0x0, &(0x7f0000000280)=""/233, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000780)={0x0, 0x1, 0x0, &(0x7f0000000700)=""/88, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f00000005c0)) ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x20000) write$eventfd(r2, &(0x7f00000000c0)=0xfffffffffffffffe, 0x8) inotify_add_watch(r0, &(0x7f00000001c0)='./file0\x00', 0x4000064f) socketpair$unix(0x1, 0x3, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_io_uring_setup(0x497, &(0x7f00000000c0)={0x0, 0x4c0f, 0x400, 0x3, 0x288}, &(0x7f0000000240)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r3, 0x12a8f, 0xf264, 0x40, 0x0, 0x0) 5.796135865s ago: executing program 4 (id=315): openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480), 0x202, 0x0) mmap(&(0x7f0000005000/0x4000)=nil, 0x4000, 0x1000001, 0x2172, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) futex(&(0x7f0000004000)=0x2, 0x8d, 0x2, 0x0, 0x0, 0x82) bpf$PROG_LOAD(0x5, 0x0, 0x0) io_setup(0x3, &(0x7f00000000c0)=0x0) prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) r1 = socket$igmp(0x2, 0x3, 0x2) getsockopt$IPT_SO_GET_INFO(r1, 0x0, 0x40, &(0x7f00000002c0)={'nat\x00', 0x0, [0x0, 0x9bb, 0xc, 0x7fffffff, 0xc335]}, &(0x7f0000000040)=0x54) r2 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00') openat$binfmt(0xffffffffffffff9c, r2, 0x42, 0x1ff) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) truncate(&(0x7f0000000180)='./file0\x00', 0x8fff5) unshare(0x24020400) r4 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r3, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000240)=[0x4], 0x0, 0x0, 0x1, 0x1}}, 0x40) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000340)={r4, 0xffffffffffffffdc, &(0x7f00000002c0)}, 0x10) io_submit(r0, 0x0, 0x0) eventfd2(0x8, 0x80001) r5 = syz_open_procfs(0x0, &(0x7f0000000380)='uid_map\x00') read$FUSE(r5, &(0x7f0000002180)={0x2020}, 0x2020) mknodat$loop(r5, &(0x7f0000000080)='./file0\x00', 0x200, 0x1) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20d42, 0x4) r6 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x4) fcntl$setstatus(r6, 0x4, 0x42000) 4.532292317s ago: executing program 3 (id=316): socket$nl_netfilter(0x10, 0x3, 0xc) sched_setscheduler(0x0, 0x1, 0x0) unshare(0x60000600) syz_emit_ethernet(0xbe, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @rand_addr=0x64010101, @dev={0xac, 0x14, 0x14, 0x21}}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698dfa871c51852e4451b57d037ad3c045942824251d7d17b5191584cdd4fbe40a27424d", "bcfd56f1373669caaa2f19935e6996c7096ffe4f3a4745a8f762b964", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0) unshare(0x22020600) r0 = socket(0x18, 0x800, 0x10000000000002) connect$rxrpc(r0, &(0x7f0000000440)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e22, @loopback}}, 0x24) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, 0x0, 0x0, 0x3}, 0x94) r1 = socket$inet(0xa, 0x801, 0x84) connect$inet(r1, 0x0, 0x0) 3.856378166s ago: executing program 0 (id=317): r0 = syz_open_dev$dvb_frontend(&(0x7f0000000040), 0x0, 0x0) ioctl$FE_GET_PROPERTY(r0, 0x80086f53, &(0x7f0000000080)={0x31, 0x0}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000740), 0xffffffffffffffff) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x800) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r3, &(0x7f0000000840), 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x68c81, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1) r7 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) dup(r7) msgrcv(0x0, 0x0, 0x0, 0x2, 0x3800) ioctl$KVM_PRE_FAULT_MEMORY(r6, 0xc040aed5, 0x0) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000040)={0x38, r2, 0x325, 0xfffffffe, 0x0, {}, [@TIPC_NLA_PUBL={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x6}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x1}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x29}]}]}, 0x38}}, 0x0) sendmsg$TIPC_NL_NAME_TABLE_GET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x4040000}, 0x20000040) 3.743961944s ago: executing program 2 (id=318): socket$packet(0x11, 0x3, 0x300) epoll_create1(0x0) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0xe) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/custom0\x00', 0x803, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_io_uring_setup(0x110, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) r1 = msgget(0x2, 0x624) msgctl$IPC_RMID(r1, 0x0) r2 = syz_open_dev$media(&(0x7f0000000080), 0x8, 0x88000) ioctl$MEDIA_IOC_REQUEST_ALLOC(r2, 0x80047c05, 0x0) r3 = socket$inet6_udp(0xa, 0x2, 0x0) sendmmsg$inet6(r3, &(0x7f0000006b80)=[{{&(0x7f0000000040)={0xa, 0x4e24, 0x0, @local}, 0x1c, 0x0}}], 0x1, 0x0) r4 = syz_open_dev$cec(&(0x7f00000002c0), 0x0, 0x181800) ioctl$CEC_ADAP_S_LOG_ADDRS(r4, 0xc05c6104, &(0x7f00000001c0)={"f2efe21e", 0x0, 0x5, 0x4a, 0x8, 0x1ff, "2178d46fd08e3c0ced34c7d0c7e6d7", "7ca24a13", '\x00\x00\x00\b', "a2d1d4a2", ["1af0b1ba1cb8fd54c9c9b587", "bed0f3d6ce7a5f7389827f04", "33af343c60abc64f2fdc9ddf", "fa000000fcffff853c00"]}) futex(0x0, 0x85, 0x0, 0x0, &(0x7f00000000c0)=0x1, 0x2) 3.331868984s ago: executing program 4 (id=319): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = syz_open_dev$vim2m(&(0x7f0000000000), 0xc, 0x2) bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x7, 0x1ff003, 0x81, 0x86f, 0x1}, 0x50) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0x2}, {0xffff, 0xffff}, {0x10}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x51}, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x845}, 0x24008004) ioctl$vim2m_VIDIOC_S_FMT(r3, 0xc0d05605, &(0x7f0000000180)={0x2, @meta={0x4d435655, 0x4ce635a2, 0x255f, 0xdbab, 0x320a8d6f}}) openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x400000000a882, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000002, 0x28011, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x17) ioctl$KVM_RUN(r2, 0xae80, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x1, 0x2, &(0x7f0000000140)=@raw=[@ldst={0x1, 0x2, 0x4, 0x0, 0x1, 0xaa}, @exit], &(0x7f00000000c0)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffede}, 0x94) prctl$PR_SCHED_CORE(0x3e, 0x4, 0x0, 0x2, &(0x7f0000000040)) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000140)=@arm64={0xe7, 0xe, 0x3, '\x00', 0xb44b}) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{0x30000, 0xeeef0000, 0xe, 0x0, 0x81, 0x4, 0xa, 0x4e, 0x0, 0x5, 0x6, 0x1}, {0x8000000, 0xffff1000, 0x3, 0x5, 0x2, 0x8, 0xd, 0x3, 0x0, 0x81, 0x8, 0x1}, {0x5000, 0x0, 0x0, 0x7, 0x3, 0x1, 0x7, 0xf, 0x8, 0x6, 0x2}, {0xeeef0000, 0xd5dd0000, 0xe, 0x2, 0x1, 0x3, 0xc, 0x0, 0x1, 0x6, 0x4, 0x9}, {0x100002, 0xeeee8000, 0x9, 0x0, 0x80, 0xee, 0x0, 0x7, 0x7c, 0x0, 0xe, 0x9}, {0x3000, 0x4, 0x8, 0x1, 0x5, 0x4, 0x1, 0x1, 0x6, 0x86, 0xb, 0x2}, {0xeeee8000, 0xeeee0000, 0xc, 0x7, 0x7, 0x3, 0x1d, 0x47, 0x30, 0x2, 0x8, 0xe1}, {0xf000, 0x2, 0xc, 0xf8, 0xfd, 0xa, 0x2, 0x44, 0x3, 0x8, 0x5, 0xce}, {0x54000, 0x7}, {0x6000, 0x5}, 0x80000035, 0x0, 0x0, 0x40, 0x3, 0x1000, 0xeeef0000, [0x5, 0x8001, 0x8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.826511936s ago: executing program 2 (id=320): r0 = openat$ttyprintk(0xffffff9c, &(0x7f0000000000), 0x228c21, 0x0) ioctl$TIOCGPGRP(r0, 0x540f, 0x0) ioctl$NILFS_IOCTL_CLEAN_SEGMENTS(r0, 0x40786e88, &(0x7f0000000280)={{0x0, 0x0, 0x40, 0xf390, 0x4af}, {&(0x7f0000000140)=[{0x70000000000000, 0x420b1286}, {0x2046, 0xd}], 0x2, 0x10, 0x7f, 0x5}, {&(0x7f0000000180)=[0x80000000, 0x5, 0x3, 0xfffffffffffffffa], 0x4, 0x8, 0x3ff, 0x4}, {&(0x7f00000001c0)=[{0x8, 0x1d9, 0x6, 0x1, 0x6}, {0x8, 0x2f, 0x5, 0xffffffffffffffff, 0x7f}], 0x2, 0x28, 0xffff, 0x7fffffff}, {&(0x7f0000000240)=[0x7ff, 0x0, 0x2, 0xf3d], 0x4, 0x8, 0x6, 0xfffffffffffffffd}}) mkdir(0x0, 0x108) r1 = fsopen(&(0x7f0000000340)='hpfs\x00', 0x1) syz_emit_vhci(&(0x7f00000003c0)=@HCI_EVENT_PKT={0x4, @hci_ev_encrypt_change={{0x8, 0x4}, {0x6, 0xc9, 0x3}}}, 0x7) r2 = syz_open_dev$loop(0x0, 0x3, 0x40000) ioctl$LOOP_SET_FD(r2, 0x4c00, r1) rename(&(0x7f0000000500)='./file0\x00', 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) mount(&(0x7f0000000580)=@rnullb, 0x0, &(0x7f0000000600)='jffs2\x00', 0x4, &(0x7f0000000640)='\x00') syz_emit_vhci(&(0x7f0000000700)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) mmap$IORING_OFF_SQ_RING(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x8, 0x50, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000005b40)={&(0x7f0000002a00)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x4, 0x4, 0x4, {0xa, 0x4e20, 0x2, @empty, 0xffff}}}, 0x80, &(0x7f0000002ac0)=[{0x0}], 0x1}, 0x440c1) sendmsg$NL80211_CMD_DISASSOCIATE(0xffffffffffffffff, 0x0, 0x410) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x802) 1.6713615s ago: executing program 1 (id=321): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = syz_open_dev$vim2m(&(0x7f0000000000), 0xc, 0x2) bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x7, 0x1ff003, 0x81, 0x86f, 0x1}, 0x50) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0x2}, {0xffff, 0xffff}, {0x10}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x51}, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x845}, 0x24008004) ioctl$vim2m_VIDIOC_S_FMT(r3, 0xc0d05605, &(0x7f0000000180)={0x2, @meta={0x4d435655, 0x4ce635a2, 0x255f, 0xdbab, 0x320a8d6f}}) openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x400000000a882, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000002, 0x28011, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x17) ioctl$KVM_RUN(r2, 0xae80, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x1, 0x2, &(0x7f0000000140)=@raw=[@ldst={0x1, 0x2, 0x4, 0x0, 0x1, 0xaa}, @exit], &(0x7f00000000c0)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffede}, 0x94) prctl$PR_SCHED_CORE(0x3e, 0x4, 0x0, 0x2, &(0x7f0000000040)) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000140)=@arm64={0xe7, 0xe, 0x3, '\x00', 0xb44b}) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{0x30000, 0xeeef0000, 0xe, 0x0, 0x81, 0x4, 0xa, 0x4e, 0x0, 0x5, 0x6, 0x1}, {0x8000000, 0xffff1000, 0x3, 0x5, 0x2, 0x8, 0xd, 0x3, 0x0, 0x81, 0x8, 0x1}, {0x5000, 0x0, 0x0, 0x7, 0x3, 0x1, 0x7, 0xf, 0x8, 0x6, 0x2}, {0xeeef0000, 0xd5dd0000, 0xe, 0x2, 0x1, 0x3, 0xc, 0x0, 0x1, 0x6, 0x4, 0x9}, {0x100002, 0xeeee8000, 0x9, 0x0, 0x80, 0xee, 0x0, 0x7, 0x7c, 0x0, 0xe, 0x9}, {0x3000, 0x4, 0x8, 0x1, 0x5, 0x4, 0x1, 0x1, 0x6, 0x86, 0xb, 0x2}, {0xeeee8000, 0xeeee0000, 0xc, 0x7, 0x7, 0x3, 0x1d, 0x47, 0x30, 0x2, 0x8, 0xe1}, {0xf000, 0x2, 0xc, 0xf8, 0xfd, 0xa, 0x2, 0x44, 0x3, 0x8, 0x5, 0xce}, {0x54000, 0x7}, {0x6000, 0x5}, 0x80000035, 0x0, 0x0, 0x40, 0x3, 0x1000, 0xeeef0000, [0x5, 0x8001, 0x8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.221604282s ago: executing program 2 (id=322): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x200180, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(0x0, 0x2, 0x8081) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket$nl_route(0x10, 0x3, 0x0) pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) open(0x0, 0x0, 0xa0) connect$unix(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet_smc(0x2b, 0x1, 0x0) r2 = syz_io_uring_setup(0x10d, &(0x7f0000000540)={0x0, 0xd4bb, 0x0, 0xfffffffd}, &(0x7f0000000380)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0x10000, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x0, 0x2, r1, 0x0, 0x0, 0x0, 0x80800}) io_uring_enter(r2, 0x3517, 0xc2de, 0x9, 0x0, 0x0) syz_usb_connect$uac1(0x0, 0x96, 0x0, 0x0) 786.234824ms ago: executing program 0 (id=323): socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) socket(0x1, 0x803, 0x0) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000140)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0xb}, 0x50) io_uring_setup(0xf0c, &(0x7f0000000400)={0x0, 0xc46e, 0x1000, 0xffffffff, 0x3}) socket$nl_generic(0x10, 0x3, 0x10) socket$inet_tcp(0x2, 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) socket$netlink(0x10, 0x3, 0x0) pipe2$9p(&(0x7f0000000280), 0x80000) r0 = syz_io_uring_setup(0x19f2, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000140)=0x0, &(0x7f0000000100)=0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000040)={'syztnl2\x00', &(0x7f0000000180)={'syztnl0\x00', 0x0, 0x14, 0x0, 0x8, 0xffdffffc, 0x30, @empty, @empty, 0x1, 0x1, 0x2}}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='pids.events\x00', 0x275a, 0x0) write$UHID_CREATE2(r4, &(0x7f0000000180)=ANY=[@ANYRES64=r3], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r4, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x66, 0x0, @fd_index=0x7, 0x8000000eb, 0x0, 0x0, 0x13, 0x1}) io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0) 569.690372ms ago: executing program 4 (id=324): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480), 0x202, 0x0) mmap(&(0x7f0000005000/0x4000)=nil, 0x4000, 0x1000001, 0x2172, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) futex(&(0x7f0000004000)=0x2, 0x8d, 0x2, 0x0, 0x0, 0x82) bpf$PROG_LOAD(0x5, 0x0, 0x0) io_setup(0x3, &(0x7f00000000c0)=0x0) prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) r2 = socket$igmp(0x2, 0x3, 0x2) getsockopt$IPT_SO_GET_INFO(r2, 0x0, 0x40, &(0x7f00000002c0)={'nat\x00', 0x0, [0x0, 0x9bb, 0xc, 0x7fffffff, 0xc335]}, &(0x7f0000000040)=0x54) r3 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00') openat$binfmt(0xffffffffffffff9c, r3, 0x42, 0x1ff) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) truncate(&(0x7f0000000180)='./file0\x00', 0x8fff5) unshare(0x24020400) r5 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r4, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000240)=[0x4], 0x0, 0x0, 0x1, 0x1}}, 0x40) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000340)={r5, 0xffffffffffffffdc, &(0x7f00000002c0)}, 0x10) io_submit(r1, 0x0, 0x0) ioctl$XFS_IOC_FSINUMBERS(r0, 0xc0205867, &(0x7f0000000440)={&(0x7f00000001c0)=0x8000007, 0xfffffffe, &(0x7f00000007c0)=[{}, {}, {}, {}], &(0x7f00000003c0)}) r6 = syz_open_procfs(0x0, &(0x7f0000000380)='uid_map\x00') read$FUSE(r6, &(0x7f0000002180)={0x2020}, 0x2020) mknodat$loop(r6, &(0x7f0000000080)='./file0\x00', 0x200, 0x1) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20d42, 0x4) r7 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x4) fcntl$setstatus(r7, 0x4, 0x42000) 200.565711ms ago: executing program 3 (id=325): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480), 0x202, 0x0) mmap(&(0x7f0000005000/0x4000)=nil, 0x4000, 0x1000001, 0x2172, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) futex(&(0x7f0000004000)=0x2, 0x8d, 0x2, 0x0, 0x0, 0x82) bpf$PROG_LOAD(0x5, 0x0, 0x0) io_setup(0x3, &(0x7f00000000c0)=0x0) prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) r2 = socket$igmp(0x2, 0x3, 0x2) getsockopt$IPT_SO_GET_INFO(r2, 0x0, 0x40, &(0x7f00000002c0)={'nat\x00', 0x0, [0x0, 0x9bb, 0xc, 0x7fffffff, 0xc335]}, &(0x7f0000000040)=0x54) r3 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00') openat$binfmt(0xffffffffffffff9c, r3, 0x42, 0x1ff) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) truncate(&(0x7f0000000180)='./file0\x00', 0x8fff5) unshare(0x24020400) r5 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r4, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000240)=[0x4], 0x0, 0x0, 0x1, 0x1}}, 0x40) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000340)={r5, 0xffffffffffffffdc, &(0x7f00000002c0)}, 0x10) io_submit(r1, 0x0, 0x0) ioctl$XFS_IOC_FSINUMBERS(r0, 0xc0205867, &(0x7f0000000440)={&(0x7f00000001c0)=0x8000007, 0xfffffffe, &(0x7f00000007c0)=[{}, {}, {}, {}], &(0x7f00000003c0)}) r6 = syz_open_procfs(0x0, &(0x7f0000000380)='uid_map\x00') read$FUSE(r6, &(0x7f0000002180)={0x2020}, 0x2020) mknodat$loop(r6, &(0x7f0000000080)='./file0\x00', 0x200, 0x1) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20d42, 0x4) r7 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x4) fcntl$setstatus(r7, 0x4, 0x42000) 0s ago: executing program 0 (id=326): r0 = openat$sndtimer(0xffffffffffffff9c, 0x0, 0x41982) readv(r0, &(0x7f0000000500)=[{0x0}], 0x1) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x2, 0x0, 0x2, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_RX_RING(r5, 0x11b, 0x2, &(0x7f00000001c0)=0x1004, 0x4) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) write$UHID_CREATE2(0xffffffffffffffff, &(0x7f0000000140)=ANY=[@ANYRES64=0x0], 0x118) fsopen(&(0x7f0000000280)='cifs\x00', 0x0) syz_open_dev$vim2m(&(0x7f0000000040), 0x7, 0x2) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x88fd537e5e114b6f, 0x12, 0xffffffffffffffff, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_IRQCHIP(r4, 0x8208ae63, &(0x7f00000002c0)={0x0, 0x0, @pic={0x74, 0xc0, 0x8, 0x6, 0xf9, 0x2, 0xf, 0x4, 0x3, 0x0, 0x67, 0x58, 0xa0, 0x2, 0x6, 0x7e}}) ioctl$TCSETS2(0xffffffffffffffff, 0x402c542b, 0x0) ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f0000000000)={[0x18addbac, 0x591, 0x0, 0x180, 0x4, 0x14, 0xf1, 0x0, 0x8000000000001, 0x7, 0x5, 0x3, 0xfffffffffffffffe, 0x45, 0x14, 0xbdb], 0xffff1000, 0x1c4213}) unshare(0x8040600) ioctl$KVM_RUN(r6, 0xae80, 0x0) capset(0x0, &(0x7f0000000280)={0x0, 0x8004, 0x0, 0x81, 0xffffffff}) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.71' (ED25519) to the list of known hosts. [ 189.914720][ T5755] cgroup: Unknown subsys name 'net' [ 190.049199][ T5755] cgroup: Unknown subsys name 'cpuset' [ 190.065477][ T5755] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 197.154479][ T5755] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 203.618087][ T5778] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 203.626172][ T5778] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 203.646148][ T5781] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 203.657868][ T5782] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 203.658902][ T5785] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 203.668854][ T5782] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 203.676147][ T5785] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 203.682284][ T5782] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 203.690244][ T5785] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 203.697973][ T5782] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 203.711603][ T5782] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 203.723729][ T5782] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 203.746584][ T5782] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 203.748545][ T5781] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 203.756418][ T5782] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 203.762554][ T5781] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 203.773168][ T5782] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 203.782792][ T5781] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 203.798839][ T49] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 203.809868][ T5782] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 203.886672][ T5778] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 203.899474][ T5778] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 203.916168][ T5778] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 203.968763][ T5778] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 203.985466][ T5778] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 205.825171][ T5788] chnl_net:caif_netlink_parms(): no params data found [ 205.877678][ T5777] Bluetooth: hci0: command tx timeout [ 205.877867][ T49] Bluetooth: hci3: command tx timeout [ 205.889824][ T5778] Bluetooth: hci1: command tx timeout [ 205.939082][ T5773] chnl_net:caif_netlink_parms(): no params data found [ 205.957595][ T5778] Bluetooth: hci2: command tx timeout [ 206.038665][ T5778] Bluetooth: hci4: command tx timeout [ 206.237677][ T5774] chnl_net:caif_netlink_parms(): no params data found [ 206.426275][ T5783] chnl_net:caif_netlink_parms(): no params data found [ 206.454987][ T5775] chnl_net:caif_netlink_parms(): no params data found [ 207.305712][ T5773] bridge0: port 1(bridge_slave_0) entered blocking state [ 207.313968][ T5773] bridge0: port 1(bridge_slave_0) entered disabled state [ 207.323673][ T5773] bridge_slave_0: entered allmulticast mode [ 207.333561][ T5773] bridge_slave_0: entered promiscuous mode [ 207.537350][ T5774] bridge0: port 1(bridge_slave_0) entered blocking state [ 207.579867][ T5774] bridge0: port 1(bridge_slave_0) entered disabled state [ 207.604050][ T5774] bridge_slave_0: entered allmulticast mode [ 207.615245][ T5774] bridge_slave_0: entered promiscuous mode [ 207.630140][ T5773] bridge0: port 2(bridge_slave_1) entered blocking state [ 207.638472][ T5773] bridge0: port 2(bridge_slave_1) entered disabled state [ 207.646227][ T5773] bridge_slave_1: entered allmulticast mode [ 207.656704][ T5773] bridge_slave_1: entered promiscuous mode [ 207.672531][ T5788] bridge0: port 1(bridge_slave_0) entered blocking state [ 207.680643][ T5788] bridge0: port 1(bridge_slave_0) entered disabled state [ 207.688821][ T5788] bridge_slave_0: entered allmulticast mode [ 207.698283][ T5788] bridge_slave_0: entered promiscuous mode [ 207.741540][ T5774] bridge0: port 2(bridge_slave_1) entered blocking state [ 207.749877][ T5774] bridge0: port 2(bridge_slave_1) entered disabled state [ 207.757701][ T5774] bridge_slave_1: entered allmulticast mode [ 207.766435][ T5774] bridge_slave_1: entered promiscuous mode [ 207.837364][ T5788] bridge0: port 2(bridge_slave_1) entered blocking state [ 207.844964][ T5788] bridge0: port 2(bridge_slave_1) entered disabled state [ 207.853082][ T5788] bridge_slave_1: entered allmulticast mode [ 207.862168][ T5788] bridge_slave_1: entered promiscuous mode [ 207.957529][ T49] Bluetooth: hci3: command tx timeout [ 207.967253][ T49] Bluetooth: hci0: command tx timeout [ 207.973281][ T5778] Bluetooth: hci1: command tx timeout [ 207.975344][ T5773] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 208.037347][ T5778] Bluetooth: hci2: command tx timeout [ 208.048353][ T5783] bridge0: port 1(bridge_slave_0) entered blocking state [ 208.055948][ T5783] bridge0: port 1(bridge_slave_0) entered disabled state [ 208.064038][ T5783] bridge_slave_0: entered allmulticast mode [ 208.073116][ T5783] bridge_slave_0: entered promiscuous mode [ 208.117677][ T5778] Bluetooth: hci4: command tx timeout [ 208.120067][ T5773] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 208.159248][ T5775] bridge0: port 1(bridge_slave_0) entered blocking state [ 208.167732][ T5775] bridge0: port 1(bridge_slave_0) entered disabled state [ 208.175270][ T5775] bridge_slave_0: entered allmulticast mode [ 208.184724][ T5775] bridge_slave_0: entered promiscuous mode [ 208.226445][ T5783] bridge0: port 2(bridge_slave_1) entered blocking state [ 208.234842][ T5783] bridge0: port 2(bridge_slave_1) entered disabled state [ 208.243219][ T5783] bridge_slave_1: entered allmulticast mode [ 208.252873][ T5783] bridge_slave_1: entered promiscuous mode [ 208.273349][ T5774] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 208.311277][ T5775] bridge0: port 2(bridge_slave_1) entered blocking state [ 208.319474][ T5775] bridge0: port 2(bridge_slave_1) entered disabled state [ 208.327539][ T5775] bridge_slave_1: entered allmulticast mode [ 208.336390][ T5775] bridge_slave_1: entered promiscuous mode [ 208.357092][ T5788] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 208.405077][ T5774] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 208.422784][ T5773] team0: Port device team_slave_0 added [ 208.470447][ T5788] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 208.542504][ T5773] team0: Port device team_slave_1 added [ 208.618562][ T5783] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 208.699412][ T5775] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 208.745952][ T5783] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 208.766218][ T5774] team0: Port device team_slave_0 added [ 208.808943][ T5775] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 208.826275][ T5788] team0: Port device team_slave_0 added [ 208.886510][ T5774] team0: Port device team_slave_1 added [ 208.895064][ T5773] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 208.902323][ T5773] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 208.929264][ T5773] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 208.978456][ T5788] team0: Port device team_slave_1 added [ 209.041277][ T5773] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 209.048856][ T5773] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 209.075501][ T5773] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 209.152430][ T5783] team0: Port device team_slave_0 added [ 209.178732][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 209.185415][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 209.195294][ T5783] team0: Port device team_slave_1 added [ 209.257715][ T5775] team0: Port device team_slave_0 added [ 209.320054][ T5774] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 209.327385][ T5774] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 209.354855][ T5774] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 209.373234][ T5774] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 209.380951][ T5774] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 209.408301][ T5774] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 209.427956][ T5775] team0: Port device team_slave_1 added [ 209.436481][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 209.443913][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 209.470735][ T5788] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 209.518065][ T5783] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 209.525233][ T5783] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 209.552054][ T5783] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 209.612511][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 209.620040][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 209.647346][ T5788] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 209.689746][ T5783] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 209.696826][ T5783] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 209.723415][ T5783] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 209.840697][ T5775] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 209.848215][ T5775] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 209.875235][ T5775] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 209.893738][ T5775] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 209.901318][ T5775] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 209.928566][ T5775] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 209.955369][ T5773] hsr_slave_0: entered promiscuous mode [ 209.965255][ T5773] hsr_slave_1: entered promiscuous mode [ 210.037238][ T5778] Bluetooth: hci1: command tx timeout [ 210.043050][ T5778] Bluetooth: hci0: command tx timeout [ 210.047932][ T49] Bluetooth: hci3: command tx timeout [ 210.117670][ T49] Bluetooth: hci2: command tx timeout [ 210.137467][ T5774] hsr_slave_0: entered promiscuous mode [ 210.146580][ T5774] hsr_slave_1: entered promiscuous mode [ 210.155076][ T5774] debugfs: 'hsr0' already exists in 'hsr' [ 210.161062][ T5774] Cannot create hsr debugfs directory [ 210.197259][ T49] Bluetooth: hci4: command tx timeout [ 210.304626][ T5783] hsr_slave_0: entered promiscuous mode [ 210.315281][ T5783] hsr_slave_1: entered promiscuous mode [ 210.324210][ T5783] debugfs: 'hsr0' already exists in 'hsr' [ 210.330327][ T5783] Cannot create hsr debugfs directory [ 210.472827][ T5788] hsr_slave_0: entered promiscuous mode [ 210.482015][ T5788] hsr_slave_1: entered promiscuous mode [ 210.490812][ T5788] debugfs: 'hsr0' already exists in 'hsr' [ 210.496837][ T5788] Cannot create hsr debugfs directory [ 210.633746][ T5775] hsr_slave_0: entered promiscuous mode [ 210.642753][ T5775] hsr_slave_1: entered promiscuous mode [ 210.651358][ T5775] debugfs: 'hsr0' already exists in 'hsr' [ 210.657329][ T5775] Cannot create hsr debugfs directory [ 212.078021][ T5773] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 212.117437][ T49] Bluetooth: hci0: command tx timeout [ 212.125341][ T5773] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 212.132554][ T49] Bluetooth: hci3: command tx timeout [ 212.132673][ T49] Bluetooth: hci1: command tx timeout [ 212.159388][ T5773] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 212.198684][ T5773] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 212.207330][ T5778] Bluetooth: hci2: command tx timeout [ 212.278532][ T5778] Bluetooth: hci4: command tx timeout [ 212.324947][ T5774] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 212.382580][ T5774] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 212.417907][ T5774] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 212.470721][ T5774] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 212.798413][ T5783] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 212.859341][ T5783] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 212.882398][ T5783] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 212.912604][ T5783] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 213.266055][ T5775] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 213.291309][ T5775] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 213.331000][ T5775] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 213.360934][ T5775] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 213.399718][ T5773] 8021q: adding VLAN 0 to HW filter on device bond0 [ 213.623584][ T5773] 8021q: adding VLAN 0 to HW filter on device team0 [ 213.715765][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 213.723321][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 213.803592][ T2934] bridge0: port 2(bridge_slave_1) entered blocking state [ 213.811376][ T2934] bridge0: port 2(bridge_slave_1) entered forwarding state [ 213.853794][ T5788] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 213.883327][ T5788] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 213.951405][ T5788] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 213.974898][ T5788] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 214.184057][ T5774] 8021q: adding VLAN 0 to HW filter on device bond0 [ 214.442480][ T5774] 8021q: adding VLAN 0 to HW filter on device team0 [ 214.572979][ T5783] 8021q: adding VLAN 0 to HW filter on device bond0 [ 214.639101][ T56] bridge0: port 1(bridge_slave_0) entered blocking state [ 214.646764][ T56] bridge0: port 1(bridge_slave_0) entered forwarding state [ 214.703988][ T56] bridge0: port 2(bridge_slave_1) entered blocking state [ 214.711620][ T56] bridge0: port 2(bridge_slave_1) entered forwarding state [ 214.916775][ T5783] 8021q: adding VLAN 0 to HW filter on device team0 [ 215.026141][ T2986] bridge0: port 1(bridge_slave_0) entered blocking state [ 215.034322][ T2986] bridge0: port 1(bridge_slave_0) entered forwarding state [ 215.201143][ T57] bridge0: port 2(bridge_slave_1) entered blocking state [ 215.208646][ T57] bridge0: port 2(bridge_slave_1) entered forwarding state [ 215.275387][ T5775] 8021q: adding VLAN 0 to HW filter on device bond0 [ 215.436018][ T5788] 8021q: adding VLAN 0 to HW filter on device bond0 [ 215.568015][ T5775] 8021q: adding VLAN 0 to HW filter on device team0 [ 215.684066][ T56] bridge0: port 1(bridge_slave_0) entered blocking state [ 215.692215][ T56] bridge0: port 1(bridge_slave_0) entered forwarding state [ 215.762809][ T5788] 8021q: adding VLAN 0 to HW filter on device team0 [ 215.882265][ T56] bridge0: port 1(bridge_slave_0) entered blocking state [ 215.890122][ T56] bridge0: port 1(bridge_slave_0) entered forwarding state [ 215.925057][ T56] bridge0: port 2(bridge_slave_1) entered blocking state [ 215.932673][ T56] bridge0: port 2(bridge_slave_1) entered forwarding state [ 216.041610][ T57] bridge0: port 2(bridge_slave_1) entered blocking state [ 216.049704][ T57] bridge0: port 2(bridge_slave_1) entered forwarding state [ 216.273827][ T5773] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 216.769282][ T5774] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 217.336734][ T5773] veth0_vlan: entered promiscuous mode [ 217.458555][ T5773] veth1_vlan: entered promiscuous mode [ 217.985417][ T5783] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 218.018915][ T5773] veth0_macvtap: entered promiscuous mode [ 218.141151][ T5773] veth1_macvtap: entered promiscuous mode [ 218.486729][ T5773] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 218.631379][ T5773] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 218.768737][ T56] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 218.781470][ T56] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 218.824749][ T5788] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 218.845005][ T5775] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 218.860511][ T56] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 218.870771][ T56] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 218.881144][ T5783] veth0_vlan: entered promiscuous mode [ 219.090451][ T5783] veth1_vlan: entered promiscuous mode [ 219.287030][ T5774] veth0_vlan: entered promiscuous mode [ 219.460775][ T5774] veth1_vlan: entered promiscuous mode [ 219.656037][ T5775] veth0_vlan: entered promiscuous mode [ 219.724985][ T5783] veth0_macvtap: entered promiscuous mode [ 219.806533][ T5783] veth1_macvtap: entered promiscuous mode [ 219.872080][ T5788] veth0_vlan: entered promiscuous mode [ 219.923966][ T5775] veth1_vlan: entered promiscuous mode [ 220.090909][ T5783] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 220.133140][ T5788] veth1_vlan: entered promiscuous mode [ 220.182776][ T5783] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 220.193011][ T5774] veth0_macvtap: entered promiscuous mode [ 220.328816][ T34] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 220.394245][ T34] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 220.408687][ T34] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 220.430837][ T5774] veth1_macvtap: entered promiscuous mode [ 220.496500][ T34] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 220.605954][ T5775] veth0_macvtap: entered promiscuous mode [ 220.775018][ T5775] veth1_macvtap: entered promiscuous mode [ 220.941111][ T5774] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 220.956257][ T5788] veth0_macvtap: entered promiscuous mode [ 221.059814][ T5774] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 221.075081][ T5788] veth1_macvtap: entered promiscuous mode [ 221.134207][ T5775] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 221.214304][ T56] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.239301][ T56] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.368672][ T56] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.395299][ T56] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.496422][ T5775] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 221.573175][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 221.739284][ T56] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.762801][ T56] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.773326][ T56] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.833398][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 221.876813][ T56] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.970323][ T2934] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 222.000454][ T2934] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 222.078603][ T2934] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 222.119890][ T2934] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 223.498097][ T1135] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 223.506168][ T1135] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 223.835591][ T2934] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 223.905309][ T2934] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 224.539711][ T5773] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 227.989028][ C0] hrtimer: interrupt took 1912991 ns [ 228.244058][ T57] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 228.314094][ T57] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 228.843317][ T1135] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 228.897550][ T1135] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 230.568464][ T57] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 230.576714][ T57] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 231.109683][ T2934] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 231.163327][ T2934] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 231.603920][ T57] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 231.644391][ T57] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 231.903192][ T5976] Zero length message leads to an empty skb [ 232.183982][ T34] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 232.196064][ T34] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 232.517763][ T34] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 232.525836][ T34] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 232.936672][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 232.968037][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 234.174747][ T5984] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 234.698594][ T5987] tipc: Started in network mode [ 234.819970][ T5987] tipc: Node identity 7e2d10cfd3b9, cluster identity 4711 [ 235.048340][ T5987] tipc: Enabled bearer , priority 0 [ 235.183156][ T5990] syzkaller0: entered promiscuous mode [ 235.225397][ T5990] syzkaller0: entered allmulticast mode [ 235.524439][ T5995] tipc: Resetting bearer [ 235.599742][ T5985] tipc: Resetting bearer [ 235.709840][ T5985] tipc: Disabling bearer [ 236.991356][ T6013] tipc: Started in network mode [ 237.029363][ T6013] tipc: Node identity 52d4de0c615, cluster identity 4711 [ 237.060820][ T6013] tipc: Enabled bearer , priority 0 [ 237.333002][ T6016] syzkaller0: entered promiscuous mode [ 237.473319][ T6016] syzkaller0: entered allmulticast mode [ 237.948494][ T6013] tipc: Resetting bearer [ 238.144561][ T6011] tipc: Resetting bearer [ 238.171758][ T6011] tipc: Disabling bearer [ 238.285450][ T795] tipc: Node number set to 864345612 [ 243.515618][ T6063] netlink: 40 bytes leftover after parsing attributes in process `syz.0.22'. [ 245.598760][ T6079] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 246.518169][ T6086] loop1: detected capacity change from 0 to 4096 [ 246.665953][ T6086] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 246.830853][ T6086] netlink: 72 bytes leftover after parsing attributes in process `syz.1.28'. [ 248.287880][ T6112] GUP no longer grows the stack in syz.2.33 (6112): 80006000-80009000 (80004000) [ 248.363145][ T6112] CPU: 1 UID: 0 PID: 6112 Comm: syz.2.33 Not tainted syzkaller #0 PREEMPT(full) [ 248.363263][ T6112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 248.363328][ T6112] Call Trace: [ 248.363365][ T6112] [ 248.363402][ T6112] __dump_stack+0x26/0x30 [ 248.363533][ T6112] dump_stack_lvl+0x14c/0x1c0 [ 248.363654][ T6112] dump_stack+0x1e/0x25 [ 248.363760][ T6112] fixup_user_fault+0xcc0/0xde0 [ 248.363903][ T6112] fault_in_user_writeable+0x99/0x1a0 [ 248.364031][ T6112] futex_lock_pi+0x5a8/0x1530 [ 248.364160][ T6112] ? futex_unqueue+0x22d/0x2c0 [ 248.364285][ T6112] ? kmsan_get_metadata+0xf1/0x160 [ 248.364426][ T6112] ? __se_sys_futex_time32+0x557/0x6c0 [ 248.364560][ T6112] ? __msan_warning+0x1b/0x30 [ 248.364687][ T6112] ? __pfx_futex_wake_mark+0x10/0x10 [ 248.364862][ T6112] do_futex+0x2e1/0x480 [ 248.364988][ T6112] __se_sys_futex_time32+0x557/0x6c0 [ 248.365123][ T6112] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 248.365270][ T6112] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 248.365436][ T6112] __ia32_sys_futex_time32+0x112/0x1a0 [ 248.365681][ T6112] ia32_sys_call+0x11ea/0x4360 [ 248.365830][ T6112] __do_fast_syscall_32+0x17f/0x3f0 [ 248.365996][ T6112] do_fast_syscall_32+0x37/0x80 [ 248.366123][ T6112] do_SYSENTER_32+0x1f/0x30 [ 248.366267][ T6112] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 248.366404][ T6112] RIP: 0023:0xf7fd7f6c [ 248.366489][ T6112] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 248.366581][ T6112] RSP: 002b:00000000f549650c EFLAGS: 00000206 ORIG_RAX: 00000000000000f0 [ 248.366682][ T6112] RAX: ffffffffffffffda RBX: 0000000080004000 RCX: 000000000000008d [ 248.366753][ T6112] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000000 [ 248.366815][ T6112] RBP: 0000000000000082 R08: 0000000000000000 R09: 0000000000000000 [ 248.366884][ T6112] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 248.366975][ T6112] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 248.367107][ T6112] [ 248.418686][ T5773] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 256.920738][ T6178] loop3: detected capacity change from 0 to 4096 [ 257.146042][ T6178] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 260.341077][ T5775] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 263.807456][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 264.320173][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 269.557726][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 270.162021][ T6310] tipc: Started in network mode [ 270.184316][ T6310] tipc: Node identity 72ac3a45e715, cluster identity 4711 [ 270.265129][ T6310] tipc: Enabled bearer , priority 0 [ 270.284729][ T6307] loop2: detected capacity change from 0 to 4096 [ 270.353756][ T6315] tipc: Resetting bearer [ 270.543209][ T6300] tipc: Disabling bearer [ 270.571623][ T6307] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 270.647044][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 270.654091][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 272.870050][ T5788] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 275.072490][ T0] NOHZ tick-stop error: local softirq work is pending, handler #240!!! [ 281.157575][ T6407] netlink: 40 bytes leftover after parsing attributes in process `syz.3.71'. [ 283.828883][ T6429] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 284.583206][ T6438] loop4: detected capacity change from 0 to 4096 [ 284.978912][ T6438] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 285.091915][ T6438] netlink: 72 bytes leftover after parsing attributes in process `syz.4.77'. [ 285.218157][ T6443] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 285.581528][ T5774] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 290.596208][ T6487] tipc: Started in network mode [ 290.664605][ T6487] tipc: Node identity ea82f587254, cluster identity 4711 [ 290.756023][ T6487] tipc: Enabled bearer , priority 0 [ 290.921186][ T6487] tipc: Resetting bearer [ 291.039653][ T6477] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 291.270601][ T6482] tipc: Disabling bearer [ 295.039048][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 297.582423][ T6534] netlink: 40 bytes leftover after parsing attributes in process `syz.0.102'. [ 299.076044][ T6543] tipc: Enabling of bearer rejected, failed to enable media [ 300.085047][ T6542] loop2: detected capacity change from 0 to 4096 [ 300.348250][ T6542] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 300.619392][ T6542] netlink: 72 bytes leftover after parsing attributes in process `syz.2.104'. [ 301.855258][ T5788] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 303.462921][ T6578] loop0: detected capacity change from 0 to 4096 [ 303.869148][ T6578] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 306.098587][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 307.513031][ T5783] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 312.329579][ T6675] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 317.702184][ T6725] netlink: 4 bytes leftover after parsing attributes in process `syz.4.136'. [ 320.416250][ T6742] netdevsim netdevsim4 netdevsim0: entered promiscuous mode [ 324.409468][ T6766] netlink: 80 bytes leftover after parsing attributes in process `syz.1.149'. [ 328.272349][ T6791] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 328.998327][ T5785] Bluetooth: hci3: command 0x0406 tx timeout [ 329.004719][ T5785] Bluetooth: hci4: command 0x0406 tx timeout [ 329.011271][ T5781] Bluetooth: hci1: command 0x0406 tx timeout [ 329.017729][ T5781] Bluetooth: hci0: command 0x0406 tx timeout [ 329.024205][ T5781] Bluetooth: hci2: command 0x0406 tx timeout [ 332.070490][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 332.085519][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 335.165286][ T6850] mmap: syz.0.175 (6850) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 336.224337][ T6858] netdevsim netdevsim1 netdevsim0: entered promiscuous mode [ 337.288508][ T6866] netlink: 80 bytes leftover after parsing attributes in process `syz.1.179'. [ 337.689770][ T6868] netdevsim netdevsim1 netdevsim0: entered allmulticast mode [ 338.292591][ T6875] netlink: 72 bytes leftover after parsing attributes in process `syz.2.181'. [ 343.879377][ T6952] loop2: detected capacity change from 0 to 4096 [ 344.040937][ T6952] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 344.071873][ T6952] netlink: 72 bytes leftover after parsing attributes in process `syz.2.188'. [ 345.833814][ T6956] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 346.130867][ T5788] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 347.801542][ T7020] netlink: 4 bytes leftover after parsing attributes in process `syz.3.193'. [ 348.445403][ T7025] netlink: 4 bytes leftover after parsing attributes in process `syz.2.194'. [ 351.185190][ T7039] netlink: 4 bytes leftover after parsing attributes in process `syz.0.198'. [ 352.224558][ T7044] netlink: 40 bytes leftover after parsing attributes in process `syz.4.200'. [ 353.492100][ T7057] netlink: 80 bytes leftover after parsing attributes in process `syz.4.204'. [ 353.997828][ T7059] netdevsim netdevsim4 netdevsim0: entered allmulticast mode [ 356.061587][ T7081] netlink: 4 bytes leftover after parsing attributes in process `syz.3.212'. [ 360.894423][ T7102] netlink: 80 bytes leftover after parsing attributes in process `syz.4.219'. [ 362.304906][ T7116] netlink: 40 bytes leftover after parsing attributes in process `syz.2.223'. [ 362.785440][ T7125] netlink: 4 bytes leftover after parsing attributes in process `syz.3.224'. [ 363.749778][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 369.337200][ T7168] netlink: 4 bytes leftover after parsing attributes in process `syz.3.234'. [ 370.330928][ T7176] netlink: 4 bytes leftover after parsing attributes in process `syz.2.235'. [ 373.324168][ T7187] tipc: Enabled bearer , priority 0 [ 373.508250][ T7187] tipc: Resetting bearer [ 373.619387][ T7183] tipc: Disabling bearer [ 374.680104][ T7203] netlink: 40 bytes leftover after parsing attributes in process `syz.2.244'. [ 376.312326][ T7219] netlink: 4 bytes leftover after parsing attributes in process `syz.1.248'. [ 380.360384][ T7226] loop2: detected capacity change from 0 to 4096 [ 380.615812][ T7226] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 380.785162][ T7240] netlink: 4 bytes leftover after parsing attributes in process `syz.0.254'. [ 382.009509][ T5788] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 382.979030][ T7257] netlink: 4 bytes leftover after parsing attributes in process `syz.1.257'. [ 383.717448][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 386.803337][ T7291] netlink: 4 bytes leftover after parsing attributes in process `syz.0.265'. [ 388.964717][ T7305] tipc: Enabled bearer , priority 0 [ 388.981613][ T7305] syzkaller0: entered promiscuous mode [ 388.992201][ T7305] syzkaller0: entered allmulticast mode [ 389.126130][ T7305] tipc: Resetting bearer [ 389.199066][ T7303] tipc: Resetting bearer [ 389.332053][ T7303] tipc: Disabling bearer [ 389.522322][ T7309] netlink: 80 bytes leftover after parsing attributes in process `syz.4.272'. [ 390.419254][ T7312] netlink: 40 bytes leftover after parsing attributes in process `syz.3.273'. [ 390.680049][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 391.899570][ T7326] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 393.504448][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 393.511547][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 397.364634][ T7358] loop3: detected capacity change from 0 to 4096 [ 397.588180][ T7358] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 397.736349][ T7358] netlink: 72 bytes leftover after parsing attributes in process `syz.3.287'. [ 399.564066][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 400.431685][ T5775] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 403.186435][ T7448] netlink: 4 bytes leftover after parsing attributes in process `syz.3.294'. [ 404.955427][ T7461] netlink: 4 bytes leftover after parsing attributes in process `syz.2.297'. [ 407.420310][ T7479] netlink: 4 bytes leftover after parsing attributes in process `syz.2.301'. [ 408.120953][ T7482] netlink: 80 bytes leftover after parsing attributes in process `syz.0.302'. [ 408.485991][ T7482] netdevsim netdevsim0 netdevsim0: entered allmulticast mode [ 410.335881][ T7490] loop1: detected capacity change from 0 to 4096 [ 410.413364][ T7503] netlink: 4 bytes leftover after parsing attributes in process `syz.0.307'. [ 411.284717][ T7490] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 411.495157][ T7490] netlink: 72 bytes leftover after parsing attributes in process `syz.1.304'. [ 412.199460][ T5773] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 412.822049][ T7527] netlink: 4 bytes leftover after parsing attributes in process `syz.0.313'. [ 418.849545][ T5782] Bluetooth: hci4: command 0x0406 tx timeout [ 419.117566][ C0] ===================================================== [ 419.124849][ C0] BUG: KMSAN: uninit-value in __flush_smp_call_function_queue+0x362/0x18e0 [ 419.133649][ C0] __flush_smp_call_function_queue+0x362/0x18e0 [ 419.140089][ C0] generic_smp_call_function_single_interrupt+0x1c/0x30 [ 419.147331][ C0] __sysvec_call_function_single+0x4b/0x3e0 [ 419.153441][ C0] sysvec_call_function_single+0x7c/0x90 [ 419.159269][ C0] asm_sysvec_call_function_single+0x1f/0x30 [ 419.165440][ C0] pv_native_safe_halt+0x13/0x20 [ 419.170561][ C0] default_idle+0xd/0x20 [ 419.174987][ C0] arch_cpu_idle+0xd/0x20 [ 419.179506][ C0] default_idle_call+0x3f/0x70 [ 419.184485][ C0] do_idle+0x6ad/0xa10 [ 419.188892][ C0] cpu_startup_entry+0x5f/0x80 [ 419.193825][ C0] rest_init+0x1df/0x260 [ 419.198261][ C0] start_kernel+0x6d1/0x8b0 [ 419.203179][ C0] x86_64_start_reservations+0x28/0x30 [ 419.208850][ C0] x86_64_start_kernel+0x139/0x140 [ 419.214153][ C0] common_startup_64+0x13e/0x147 [ 419.219306][ C0] [ 419.221707][ C0] Local variable warn created at: [ 419.226905][ C0] __dquot_alloc_space+0x4d/0x1cd0 [ 419.232180][ C0] shmem_inode_acct_blocks+0x376/0x5d0 [ 419.237851][ C0] [ 419.240357][ C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted syzkaller #0 PREEMPT(full) [ 419.249649][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 419.259838][ C0] ===================================================== [ 419.266893][ C0] Disabling lock debugging due to kernel taint [ 419.273143][ C0] Kernel panic - not syncing: kmsan.panic set ... [ 419.279781][ C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Tainted: G B syzkaller #0 PREEMPT(full) [ 419.290752][ C0] Tainted: [B]=BAD_PAGE [ 419.295170][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 419.305357][ C0] Call Trace: [ 419.308740][ C0] [ 419.311769][ C0] __dump_stack+0x26/0x30 [ 419.316301][ C0] dump_stack_lvl+0x50/0x1c0 [ 419.321179][ C0] ? dump_stack+0x12/0x25 [ 419.325746][ C0] dump_stack+0x1e/0x25 [ 419.330161][ C0] vpanic+0x7b4/0x1430 [ 419.334601][ C0] panic+0x15d/0x160 [ 419.338873][ C0] kmsan_report+0x31a/0x320 [ 419.343644][ C0] ? __msan_warning+0x1b/0x30 [ 419.348542][ C0] ? __flush_smp_call_function_queue+0x362/0x18e0 [ 419.355164][ C0] ? generic_smp_call_function_single_interrupt+0x1c/0x30 [ 419.362490][ C0] ? __sysvec_call_function_single+0x4b/0x3e0 [ 419.368776][ C0] ? sysvec_call_function_single+0x7c/0x90 [ 419.374795][ C0] ? asm_sysvec_call_function_single+0x1f/0x30 [ 419.381166][ C0] ? pv_native_safe_halt+0x13/0x20 [ 419.386472][ C0] ? default_idle+0xd/0x20 [ 419.391084][ C0] ? arch_cpu_idle+0xd/0x20 [ 419.395870][ C0] ? default_idle_call+0x3f/0x70 [ 419.401029][ C0] ? do_idle+0x6ad/0xa10 [ 419.405449][ C0] ? cpu_startup_entry+0x5f/0x80 [ 419.410560][ C0] ? rest_init+0x1df/0x260 [ 419.415190][ C0] ? start_kernel+0x6d1/0x8b0 [ 419.420184][ C0] ? x86_64_start_reservations+0x28/0x30 [ 419.426032][ C0] ? x86_64_start_kernel+0x139/0x140 [ 419.431518][ C0] ? common_startup_64+0x13e/0x147 [ 419.436861][ C0] ? kmsan_get_metadata+0xf1/0x160 [ 419.442217][ C0] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 419.448790][ C0] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 419.455128][ C0] ? kmsan_get_metadata+0xf1/0x160 [ 419.460604][ C0] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 419.466674][ C0] ? kmsan_get_metadata+0xf1/0x160 [ 419.472039][ C0] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 419.478625][ C0] ? kmsan_get_metadata+0xf1/0x160 [ 419.483971][ C0] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 419.490032][ C0] ? kmsan_get_metadata+0xf1/0x160 [ 419.495388][ C0] __msan_warning+0x1b/0x30 [ 419.500109][ C0] __flush_smp_call_function_queue+0x362/0x18e0 [ 419.506563][ C0] ? kmsan_get_metadata+0xf1/0x160 [ 419.511948][ C0] generic_smp_call_function_single_interrupt+0x1c/0x30 [ 419.519096][ C0] __sysvec_call_function_single+0x4b/0x3e0 [ 419.525216][ C0] sysvec_call_function_single+0x7c/0x90 [ 419.531048][ C0] [ 419.534168][ C0] [ 419.537236][ C0] asm_sysvec_call_function_single+0x1f/0x30 [ 419.543600][ C0] RIP: 0010:pv_native_safe_halt+0x13/0x20 [ 419.549671][ C0] Code: cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d e3 97 1b 00 55 48 89 e5 fb f4 <5d> c3 cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 [ 419.569621][ C0] RSP: 0000:ffffffff92803d78 EFLAGS: 00000246 [ 419.575988][ C0] RAX: ffff8881aa3cc000 RBX: ffffffff9282c980 RCX: 0000000000b3949e [ 419.584136][ C0] RDX: ffff88823ea86e48 RSI: 0000000000000001 RDI: 00000000000562c4 [ 419.592254][ C0] RBP: ffffffff92803d78 R08: ffffea000000000f R09: 0000000000000007 [ 419.600369][ C0] R10: ffff88823f18ddf7 R11: ffffffff8183e580 R12: 0000000000000000 [ 419.608488][ C0] R13: 0000000000000000 R14: ffffffff9282d548 R15: 0000000000000000 [ 419.616614][ C0] ? __pfx_read_tsc+0x10/0x10 [ 419.621502][ C0] default_idle+0xd/0x20 [ 419.626034][ C0] arch_cpu_idle+0xd/0x20 [ 419.630564][ C0] default_idle_call+0x3f/0x70 [ 419.635541][ C0] do_idle+0x6ad/0xa10 [ 419.639846][ C0] cpu_startup_entry+0x5f/0x80 [ 419.644845][ C0] rest_init+0x1df/0x260 [ 419.649333][ C0] start_kernel+0x6d1/0x8b0 [ 419.654119][ C0] x86_64_start_reservations+0x28/0x30 [ 419.659817][ C0] x86_64_start_kernel+0x139/0x140 [ 419.665191][ C0] common_startup_64+0x13e/0x147 [ 419.670402][ C0] [ 419.674014][ C0] Kernel Offset: disabled [ 419.678570][ C0] Rebooting in 86400 seconds..